Published on March 31, 2016
1. #cbizmhmwebinar 1 CBIZ & MHM Executive Education Series™ Building an Actionable and Easy-to-Implement Business Continuity Plan Mark Madar March 31, 2016
2. #cbizmhmwebinar 2 About Us • Together, CBIZ & MHM are a Top Ten accounting provider • Offices in most major markets • Tax, audit and attest* and advisory services • Over 2,900 professionals nationwide A member of Kreston International A global network of independent accounting firms *MHM is an independent CPA firm providing audit, review and attest services, and works closely with CBIZ, a business consulting, tax and financial services provider.
3. #cbizmhmwebinar 3 Before We Get Started… • To view this webinar in full screen mode, click on view options in the upper right hand corner. • Click the Support tab for technical assistance. • If you have a question during the presentation, please use the Q&A feature at the bottom of your screen.
4. #cbizmhmwebinar 4 CPE Credit This webinar is eligible for CPE credit. To receive credit, you will need to answer periodic participation markers throughout the webinar. External participants will receive their CPE certificate via email immediately following the webinar.
5. #cbizmhmwebinar 5 Disclaimer The information in this Executive Education Series course is a brief summary and may not include all the details relevant to your situation. Please contact your service provider to further discuss the impact on your business.
6. #cbizmhmwebinar 6 Presenter Mark has 22 years of experience in business continuity and disaster planning with organizations of all sizes in the financial, manufacturing, insurance, technology and professional services industries. He is a member of CBIZ’s Risk & Advisory Services practice, providing leading-edge consulting services to help organizations navigate the complexities of controlling their business. 216.525.1956 • [email protected] MARK MADAR National Director
7. #cbizmhmwebinar 7 Agenda Why Create a Business Continuity Plan?01 02 Different Types of Plans 03 The Business Continuity Plan Life Cycle 04 Looking Ahead 05 Questions?
8. #cbizmhmwebinar 8 WHY CREATE A BUSINESS CONTINUITY PLAN?
9. #cbizmhmwebinar 9 Planning to Meet Expectations Clients, regulatory agencies and Board Committees are seeking to mitigate risk. • Organizations are being asked to demonstrate their abilities in the following areas: • Develop plans that will address widespread events and disruptions • Ensure personnel are trained on the plan • Store plans and critical files remotely for easy access • Communicate with clients and employees • Update plans regularly • Test regularly
10. #cbizmhmwebinar 10 How Would You React? How do you RESPOND to an incident? How do you RECOVER from an incident?
11. #cbizmhmwebinar 11 Having a Plan to Deal with the Unexpected… A process whereby businesses can • Respond to an incident • Recover critical business operations when confronted with adverse events such as natural disasters, technological failures, human error or other unplanned incidents.
12. #cbizmhmwebinar 12 Having a Plan to Deal with the Unexpected… More simply described… It is a coordinated strategy involving plans that assures your business has the ability to continually meet your customers’ needs if faced with an unplanned business disruption.
13. #cbizmhmwebinar 13 Why Have a Plan? • Reduce reliance on key personnel • Protect assets • Increase safety of all personnel • Minimize decision-making during the recovery • Reduce delays during the recovery process • Provide a sense of security • Limit potential exposure and reduce legal liability • Provide organizational stability
14. #cbizmhmwebinar 14 Why Have a Plan? • Maintain continuity of operations, stay in business! • Maintain customer service • Relocate critical operations quickly • Minimize financial losses • Reduce disruptions to critical operations • Achieve an orderly recovery • Comply with legal, contractual, audits, and government regulations
15. #cbizmhmwebinar 15 DIFFERENT TYPES OF PLANS
16. #cbizmhmwebinar 16 Different Types of Plans Incident Management Plan Response & Communication Business Continuity Plan Business Recovery IT Disaster Recovery Plan Technology Recovery Evacuation Plan Life and Safety Procedures
17. #cbizmhmwebinar 17 Incident Management Plan • Incident Management Team & Roles • Reference Life/Safety Procedures • Responding to an Incident-Tasks & Assignments • Damage Assessment Procedures • Declaring An Incident • Command Center/Alternate Work Site Location • Communication Planning- Notification Procedures • Initiate BCP Recovery Team
18. #cbizmhmwebinar 18 Business Impact Analysis (BIA) • Interview key business process owners and leadership within the company to identify functions, risks and recovery objectives. • Document findings by functional areas-departments • Identify recovery strategies • Summarize approach into Business Continuity Plan
19. #cbizmhmwebinar 19 Business Continuity Plan • Assigned BCP Recovery Team & Roles • Prioritized Critical Functions & Recovery Time Objectives • Critical Roles, Assignments, Backup Lead/Staff Resources • Critical IT Equipment, Systems & Data Files-Prioritized • Loss of Facility-Alternate Work Space Strategy • Loss of Vendor/Service Provider Dependencies Strategy • Loss of People Strategy • Loss of Technology Strategy
20. #cbizmhmwebinar 20 IT Disaster Recovery Plan • IT Infrastructure Overview • Systems Overview • IT Recovery Strategies • Inventories • System Recovery Procedures • Tasks & Assignments • Technical Specifications • Vendor Dependencies
21. #cbizmhmwebinar 21 Usability Is the implementation of the Plan easy-to-understand by everyone? • Can Executive Management & Crisis Team easily assess the emergency? • Do Department heads understand their roles during an incident? • Does the Plan prioritizes the most critical business functions? (Controls unnecessary documentation) • Are testing/training programs in place to review overall readiness? • Are /procedures developed for manual processing? (Is recoverability dependent on systems availability?) • Can procedures be followed by someone outside the critical function? (You cannot expect availability of all subject matter experts during an incident)
22. #cbizmhmwebinar 22 Recoverability The most important recoverability requirements are often defined by your customers (internally and externally). What are their expectations? • Addresses requirement needs of clients and prospects – Business Continuity Planning and program maintenance is not an option with customers • Must be an ‘Actionable’ plan – continued availability of your services and support that is verifiable • Distinguishes you from your competitors
23. #cbizmhmwebinar 23 THE BUSINESS CONTINUITY PLAN LIFE CYCLE
24. #cbizmhmwebinar 24 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • What is in place today? • Define the Business Continuity Plan project objectives and requirements, scope and cost. • Executive support • Identify BCP Team assignments • Establish Business Continuity policies
25. #cbizmhmwebinar 25 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • Identify client servicing needs and current regulation requirements • Site / Operational assessment and interviews (Business Impact Analysis) • What are the hazards / threats / vulnerabilities? (Risk Assessment) • Key personnel interviews
26. #cbizmhmwebinar 26 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • Where will we go? • How will we operate? • What will we do for our employees?
27. #cbizmhmwebinar 27 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS Create Business Continuity Plans: • Crisis Management – Incident Response • Site / Operational Recovery • IT / Systems Recovery
28. #cbizmhmwebinar 28 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • Who approves the messages and when are they published? • How will we communicate to the media? • How will we communicate with employees? • How will we communicate with customers?
29. #cbizmhmwebinar 29 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • How often do we test? • Who will be involved? • What are the objectives? • Follow-up and lessons learned • Tabletop Exercise for developed Plans
30. #cbizmhmwebinar 30 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • Who is responsible? • How often should it be updated? • How do we communicate changes to the Plan?
31. #cbizmhmwebinar 31 Business Continuity Planning Life Cycle PROJECT INITIATION DISCOVERY – FUNCTIONAL REQUIREMENTS STRATEGIES PLANNING CRISIS COMMUNICAITON EXERCISE / TESTING MAINTAINING / UPDATING TRAINING / AWARENESS • Training people for preparedness: • Home • Work • Understand their roles in recovery • Understand the business commitment to employees and clients
32. #cbizmhmwebinar 32 LOOKING AHEAD
33. #cbizmhmwebinar 33 Elements of an Actionable BCP Program • Risk Evaluation Results and Controls • Business Continuity Defined Strategies • Emergency Response and Operational Procedures • Business Continuity Plans (Site /Dept), IT DR Plans • Testing and Exercises • Awareness & Training Program • Public Relations & Crisis Communication Procedures • Coordination with Public Authorities
34. #cbizmhmwebinar 34 An Ongoing Approach This is a process, not just a project. • Annual risk assessment/BIA, plus plan reviews • Efforts for next year identified before your budget cycle • Annual testing of at least some aspect of the plan • Ongoing BCP coordination
35. #cbizmhmwebinar 35 Summary: Today (Year 1) Focus on: • Assessing impacts and risks. • Establish crisis management-response protocols to react to disruption. • Developing business recovery strategies that respond to assessed risks and impacts. • Testing strategies for viability, effectiveness, and to ensure solutions meet requirements.
36. #cbizmhmwebinar 36 Summary: Business Continuity Tomorrow Evolve the Business Continuity Program to: • Utilize program as a way to establish risk control • Incorporate the program as part of business-as-usual and an extension of normal operations rather than reactive project.
37. #cbizmhmwebinar 37 ? QUESTIONS
38. #cbizmhmwebinar 38 If You Enjoyed This Webinar… Upcoming Courses: • 4/13 & 4/20: First Quarter Accounting & Financial Reporting Issues Update • 4/28 & 5/3: Eye on Washington – Quarterly Business Tax Update Recent Publications: • Cyber Risk - Now, It IS the Daily News • Invest in Specialty Skills and Other Tips for Internal Audit Planning • Prepare for Anything: How to Build an Actionable Incident Response and Recovery Strategy
39. #cbizmhmwebinar 39 Connect with Us linkedin.com/company/ mayer-hoffman-mccann-p.c. @mhm_pc youtube.com/ mayerhoffmanmccann slideshare.net/mhmpc linkedin.com/company/ cbiz-mhm-llc @cbizmhm youtube.com/ BizTipsVideos slideshare.net/CBIZInc MHM CBIZ
40. #cbizmhmwebinar 40 THANK YOU CBIZ & Mayer Hoffman McCann P.C. [email protected]